Information processing apparatus

ABSTRACT

An information processing apparatus includes: a memory that stores, for each of a plurality of items that can be described in extensions included in a certificate signing request, item names and item contents with associating each of the item names with a respective one of the item contents; an acquiring unit that acquires specific information; a preparation unit that makes out a specific certificate signing request including specific extensions in which a specific item name and a specific item content are described, according to a condition for making out specific extensions which is determined in response to a user&#39;s instruction, by acquiring the specific item name and the specific item content from the memory and using the acquired specific information, specific item name and specific item content; and an output unit that outputs the specific certificate signing request to an outside.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application claims priority from Japanese Patent Application No.2010-164831 filed on Jul. 22, 2010, the entire subject matter of whichis incorporated herein by reference.

TECHNICAL FIELD

The invention relates to an information processing apparatus thatprepares a certificate signing request.

BACKGROUND

There has been proposed a technology relating to an electroniccertificate of an x509 format that is used in communication such as SSL(Secure Socket Layer), TLS (Transport Layer Security) and the like.Specifically, the related-art technology discloses a client apparatusthat makes out a certificate signing request (CSR) including an extendedarea (hereinafter referred to as “extensions”) in accordance withversion 3 of the x509 format. A certificate authority makes out theelectronic certificate including the extensions based on the certificatesigning request prepared by the client apparatus.

SUMMARY

Illustrative aspects of exemplary embodiments of the present inventionprovide a technology with which a user can easily enable an informationprocessing apparatus to make out a certificate signing request includingextensions in which desired information is described.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows an example of an information processing system according toan exemplary embodiment;

FIG. 2 shows a flow chart of a main process;

FIG. 3 shows an example of a mail setting screen;

FIG. 4 shows an example of a certificate setting screen;

FIG. 5 shows an example of a CSR preparation screen;

FIG. 6 shows a flow chart of an operation information acquiring process;

FIGS. 7A-7B show a flow chart of an extensions setting process;

FIG. 8 shows an example of an extensions setting screen;

FIG. 9 shows another example of the extensions setting screen; and

FIG. 10 shows a flow chart of a CSR preparing process.

DETAILED DESCRIPTION

<General Overview>

For a case where a user enables the client apparatus to prepare a CSR,it may be considered a configuration which asks the user to inputinformation that should be described in the CSR including extensions. Inthis case, it is necessary for the user to input the information,considering a situation in which there exists a certificate authoritythat cannot make out an electronic certificate based on the CSRincluding the extensions, for example. In other words, the user isrequired to have an advanced knowledge of the information that should bedescribed in the extensions.

Therefore, illustrative aspects of exemplary embodiments of the presentinvention provide a technology with which a user can easily enable aninformation processing apparatus to make out a certificate signingrequest including extensions in which desired information is described.

According to one illustrative aspect of the invention, there is providedan information processing apparatus comprising: a memory that isconfigured to store, for each of a plurality of items that can bedescribed in extensions included in a certificate signing request, itemnames and item contents with associating each of the item names with arespective one of the item contents; an acquiring unit that isconfigured to acquire specific information; a preparation unit that isconfigured to make out a specific certificate signing request includingspecific extensions in which a specific item name and a specific itemcontent are described, according to a condition for making out thespecific extensions which is determined in response to a user'sinstruction, wherein the preparation unit is configured to: acquire thespecific item name of the plurality of item names and the specific itemcontent of the plurality of item contents from the memory; and make outthe specific certificate signing request including the specificextensions by using the specific information acquired by the acquiringunit and the specific item name and the specific item content acquiredby the preparation unit; and an output unit that is configured to outputthe specific certificate signing request to an outside.

According thereto, the information about the plurality of items that canbe described in the extensions is stored beforehand in the memory.Accordingly, when a user makes an instruction for determining acondition, the information processing apparatus can acquire theinformation (i.e., a specific item name and a specific item content)relating to the condition from the memory and make out a specificcertificate signing request including specific extensions in which theacquired information is described, even though the user does notspecifically know the content of the information that can be describedin the extensions. Therefore, the user can easily enable the informationprocessing apparatus to make out a certificate signing request includingextensions in which desired information is described.

According to another illustrative aspect of the invention, theinformation processing apparatus further comprises: a display controlunit that is configured to display a selection screen including aplurality of selection fields corresponding to the plurality of itemcontents on a display unit, wherein each of the plurality of selectionfields is selected by the user, wherein the preparation unit describesthe specific item content, which corresponds to a specific selectionfield of the plurality of selection fields selected by the user, and thespecific item name, which is associated with the specific item content,in the specific extensions.

According thereto, by selecting a specific selection field on theselection screen, the user enables the information processing apparatusto make out a specific certificate signing request including specificextensions in which the desired information is described.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, the selection screen comprises aplurality of selection field groups including the plurality of selectionfields, and wherein according to a result of the user's selection on afirst selection field group of the plurality of selection field groups,the display control unit limits the user's selection on a secondselection field group of the plurality of selection field groups.

For example, regarding a case where the selection contents areinconsistent with each other when a first selection filed of the firstselection field group and a second selection field of the secondselection field group are selected at the same time, the selectionscreen is preferably configured so that the first and second selectionfields are not selected at the same time (hereinafter, referred to as‘specific configuration’). According to the information processingapparatus, the specific configuration may be implemented so as to limita user's selection on the second selection field group according to aresult of the user's selection on the first selection field group. Inother words, when the user selects the first selection field, it ispossible to limit (for example, prohibit) a user's selection on thesecond selection field, and the user can selectively acquire theinformation that is described in the extensions from the memory.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, the display control unit prohibits theuser's selection on a part of selection fields included in the secondselection field group and permits the user's selection on the otherselection fields included in the second selection field group accordingto the result of the user's selection on the first selection fieldgroup.

In addition, the display control unit may prohibit the user's selectionon all selection fields included in the second selection field groupaccording to the result of the user's selection on the first selectionfield group.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, the display control unit displays oneselection screen including the first selection field group and thesecond field group on the display unit, and wherein the first selectionfield group is arranged above the second selection field group in theone selection screen.

According thereto, the user can select the first and second selectionfield groups in one selection screen. Generally, the user sequentiallyselects the fields from above in the screen. According to thisconfiguration, it is possible to limit the selection on the secondselection field group having a possibility of being selected later,according to a result of the selection on the first field group having apossibility of being selected first. Accordingly, for example, it ispossible to avoid a user's operation of inputting unnecessaryinformation beforehand, so that it is possible to reduce an input burdenof the user.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, wherein the display control unit isconfigured to: execute a first display process of displaying theselection screen on the display unit through a setting screen related toa function of the information processing apparatus; and execute a seconddisplay process of displaying the selection screen on the display unitwithout through the setting screen, and wherein when the selectionscreen is displayed by the first display process, the preparation unitdescribes the specific item content related to the function and thespecific item name associated with the specific item content, in thespecific extensions.

According thereto, when the user makes an instruction to display theselection screen through the setting screen, a specific item content anda specific item name, which are related to a function, are described inthe specific extensions. Accordingly, it is possible to make out acertificate signing request including the extensions having thenecessary information without a re-input operation of the user.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, the display control unit executes thefirst display process such that a specific selection field of theplurality of selection fields, which corresponds to the specific itemcontent related to the function, is displayed in a state where thespecific selection field has been selected.

According thereto, since the specific selection field is displayed withthe selection thereof being completed, the user does not have tore-select the specific selection field. Thus, it is possible to reducethe operation burden of the user.

According to still another illustrative aspect of the invention, in theinformation processing apparatus, according to the result of the user'sselection on the first selection field group, the display control unitprohibits the user's selection on at least a part of selection fieldsincluded in the second selection field group, which selection content isinconsistent with a selection content of the first selection field groupselected by the user.

Incidentally, a control method for the above-described informationprocessing apparatus, a computer program for the above-describedinformation processing apparatus and a non-transitory computer-readablemedium which stores the computer program are also novel and useful.

<Exemplary Embodiments>

Exemplary embodiments of the invention will now be described withreference to the drawings.

(System Configuration)

As shown in FIG. 1, an information processing system 1 includes a LAN 4,an Internet 6, a multi-function device 10 (a peripheral apparatus of aterminal apparatus 60), a terminal apparatus 60 and certificateauthorities 70, 80. The multi-function device 10, the terminal apparatus60 and the certificate authority 70 are connected to the LAN 4. Themulti-function device 10, the terminal apparatus 60 and the certificateauthority 70 can communicate with each other via the LAN 4. The LAN 4and the certificate authority 80 are connected to the Internet 6. Theterminal apparatus 60 and the certificate authority 80 can communicatewith each other via the LAN 4 and the Internet 6.

(Configuration of Multi-Function Device 10)

A configuration of the multi-function device 10 will be described. Themulti-function device 10 includes a printing function, a scannerfunction, a copier function, an IPFAX function, electronic mailtransmitting and receiving functions and the like. The multi-functiondevice 10 includes a display unit 12, an operation unit 14, a networkinterface 16, a scan execution unit 18, a printing execution unit 20 anda control unit 22. The respective units 12 to 22 are connected to a busline 24. The display unit 12 is a display for displaying a variety ofinformation. The operation unit 14 has a plurality of keys. A user canoperate the operation unit 14 to input various instructions to themulti-function device 10. The network interface 16 is connected to theLAN 4. The scan execution unit 18 has a scan mechanism such as CIS, CCDand the like and scans a scan target to generate image data. Theprinting execution unit 20 has a printing mechanism of an inkjet headmanner, a laser manner and the like and performs a printing operation inresponse to an instruction from the control unit 22. The control unit 22includes a CPU 30 and a memory 32. The memory 32 stores therein aprogram 34 and an item table 36. The CPU 30 executes a process inaccordance with the program 34 in the memory 32, so that the functionsof respective units 50, 52, 54 and 56 are implemented.

The item table 36 stores therein information that can be described inextensions that is included in a certificate signing request(hereinafter, referred to as ‘CSR’) that is prepared by themulti-function device 10.

The CSR is classified into: a first type CSR including a basic area andextensions; and a second type CSR that includes a basic area but doesnot include extensions. In the basic area, various information of acertificate user such as common name, organization, department, city,province, country and the like are described. In the extensions, avariety of information such as ‘ExtendedKeyUsage=emailProtection’,‘SubjectAltName=IPv4addresss’ and the like are described. The first typeCSR is a CSR for a certificate of version 3 of an x509 format(hereinafter, referred to as ‘certificate of x509v3’) and includesextensions. The second type CSR is a CSR of x509v3, for example, anddoes not include extensions. In this exemplary embodiment, the IPv4address is adopted as an IP address. However, the IP address is notlimited to the IPv4 address. For example, an IPv6 address may beadopted.

In the item table 36, among a plurality of items, each item name 44 isassociated with respective item content 46. The item name‘ExtendedKeyUsage’ is associated with a plurality of item contents,i.e., ‘emailProtection’, ‘clientAuth’ and ‘serverAuth.’ The itemcontents ‘emailProtection’, ‘clientAuth’ and ‘serverAuth’ indicate‘email protection’, ‘client authentication’ and ‘server authentication’,respectively. In addition, the item name ‘subjectAltName’ is associatedwith one item content ‘IPv4address.’ The item content ‘IPv4address’indicates an IPv4 address that is set (allocated) to the multi-functiondevice 10. In this exemplary embodiment, the item table 36 is storedbeforehand in the memory 32 by a vender of the multi-function device 10before the multi-function device 10 is shipped out. Incidentally, theitem content ‘IPv4address’ is stored in the item table 36 when an IPv4address is allocated to the multi-function device 10.

(Configuration of Terminal Apparatus 60)

The terminal apparatus 60 is a personal computer and the like, forexample. The terminal apparatus 60 is connected to the LAN 4. Theterminal apparatus 60 includes a display unit 62, an operation unit 64and a control unit 66. The display unit 62 is a display for displaying avariety of information. The operation unit 64 includes a keyboard, amouse, and the like. The control unit 66 includes a CPU and a memory(not shown).

(Configuration of Certificate Authorities 70, 80)

Each of the certificate authorities 70, 80 makes out a certificate inresponse to the CSR that is prepared by the multi-function device 10.The certificate authority 70 makes out a first certificate includingextensions, based on the first type CSR including the extensions. Thecertificate authority 80 makes out a second certificate not includingextensions, based on the second type CSR that does not include theextensions. Incidentally, the certificate authority 70 can make out thesecond certificate not including the extensions, based on the secondtype CSR. On the other hand, the certificate authority 80 cannot makeout the first certificate including the extensions, based on the firsttype CSR. In the followings, the certificate authority 70 and thecertificate authority 80 are sometimes referred to as ‘Privatecertificate authority 70’ and ‘Public certificate authority 80’,respectively. Here, the Private certificate authority means an authoritythat can make out a certificate, only based on a CSR that themulti-function device 10 prepares in accordance with an application ofthe multi-function device 10. The Public certificate authority means anenterprise, a public institution and the like that makes out acertificate.

(Processes Executed by Multi-Function Device 10)

In the followings, processes that are executed by the control unit 22 ofthe multi-function device 10 will be described with reference to FIGS. 2to 10. The processes are described based on a flow chart of a mainprocess of FIG. 2.

(First Display Process)

A first display process for displaying a CSR preparation screen 100(refer to FIG. 5) on the display unit 62 of the terminal apparatus 60will be described. The multi-function device 10 may serve as a webserver. A user uses the operation unit 64 of the terminal apparatus 60to access the web server of the multi-function device 10. When the useraccesses the web server of the multi-function device 10 by using theterminal apparatus 60, the display control unit 56 (refer to FIG. 1) ofthe multi-function device 10 transmits data, which indicates a mainscreen (not shown) of the web server, to the terminal apparatus 60. As aresult, the control unit 66 of the terminal apparatus 60 displays themain screen on the display unit 62. Then, the user can use the operationunit 64 to perform an operation for displaying a variety of settingscreens of the multi-function device 10 in the main screen. For example,the user can perform an operation for displaying a certificate settingscreen 140 (refer to FIG. 4). In addition, the user can perform anoperation for displaying a setting screen relating to functions of themulti-function device 10 from the main screen. For example, the userperforms an operation for displaying a mail setting screen 130 (refer toFIG. 3) relating to settings of email functions of the multi-functiondevice 10. In this case, the control unit 66 of the terminal apparatus60 transmits a predetermined command to the multi-function device 10.The display control unit 56 (refer to FIG. 1) of the multi-functiondevice 10 transmits data, which indicates the mail setting screen 130,to the terminal apparatus 60 in response to the predetermined command.As a result, the control unit 66 of the terminal apparatus 60 displaysthe mail setting screen 130 on the display unit 62. The mail settingscreen 130 of FIG. 3 is a screen for making various settings relating toan email. The mail setting screen 130 has columns for inputting avariety of information and a hyperlink 132 for displaying thecertificate setting screen 140 (refer to FIG. 4). The user can use theoperation unit 64 to operate the hyperlink 132, thereby performing anoperation for displaying the certificate setting screen 140 (refer toFIG. 4). Accordingly, for example, the user can perform a process forcreating a CSR that is required to make out a certificate to be used fora digital signature of an email through the mail setting screen 130 andthe certificate setting screen 140.

The setting screen relating to the functions of the multi-functiondevice 10 includes not only the mail setting screen 130 (refer to FIG.3) but also a device connection authentication setting screen (notshown) for making various settings relating to connection authenticationfor connecting the multi-function device 10 to the LAN 3, an IPP(Internet Printing Protocol) and Web setting screen (not shown) formaking various settings relating to communication with themulti-function device 10 and an external server and the like. All of thedevice connection authentication setting screen and the IPP and Websetting screen have the same hyperlinks as the hyperlink 132 (refer toFIG. 3).

When the user performs an operation for displaying the certificatesetting screen 140 (refer to FIG. 4) (i.e., hyperlink operation) in oneof the three setting screens (mail setting screen 130, device connectionauthentication setting screen and IPP and Web setting screen), theterminal apparatus 60 transmits a predetermined command to themulti-function device 10. The display control unit 56 (refer to FIG. 1)transmits data, which indicates the certificate setting screen 140, tothe terminal apparatus 60 in response to the predetermined command. As aresult, the terminal apparatus 60 displays the certificate settingscreen 140 on the display unit 62. The certificate setting screen 140 ofFIG. 4 is a screen for performing a variety of settings relating to thecertificate that is stored in the memory 32 of the multi-function device10. The certificate setting screen 140 has a hyperlink 142 fordisplaying the CSR preparation screen 100 (refer to FIG. 5). The usercan use the operation unit 64 of the terminal apparatus 60 to operatethe hyperlink 142, thereby performing an operation for displaying theCSR preparation screen 100 (refer to FIG. 5).

When the user operates the hyperlink 142, the terminal apparatus 60transmits a predetermined command to the multi-function device 10. Thedisplay control unit 56 (refer to FIG. 1) transmits data, whichindicates the CSR preparation screen 100, to the terminal apparatus 60in response to the predetermined command (S2 in FIG. 2). As a result,the terminal apparatus 60 displays the certificate setting screen 100 onthe display unit 62. In the followings, a process for displaying thecertificate setting screen 140 and then the CSR preparation screen 100through any one of the three setting screens (mail setting screen 130,device connection authentication setting screen and IPP and Web settingscreen) is referred to as a ‘first display process.’ When the CSRpreparation screen 100 is displayed by the first display process, thedisplay control unit 56 stores display hysteresis information, whichindicates which of the three setting screens has been displayed, in thememory 32.

As shown in FIG. 5, the CSR preparation screen 100 has input columns 102a to 102 f of each information such as common name, organization, city,province and country and an OK button 106. The information that shouldbe input in the input columns 102 a to 102 f is the basic areainformation. The user can operate the operation unit 64 to input thebasic area information in the input columns 102 a to 102 f and tooperate the OK button 106.

(Second Display Process)

A second display process for displaying the CSR preparation screen 100(refer to FIG. 5) on the display unit 62 will be described. The user canexecute an operation for displaying the certificate setting screen 140(refer to FIG. 4) in the main screen. In this case, like the firstdisplay process, the certificate setting screen 140 is displayed on thedisplay unit 62 without through any of the three setting screens. Theuser can operate the hyperlink 142. In this case, as described above,the certificate setting screen 100 is displayed on the display unit 62.In the followings, a process for displaying the certificate settingscreen 140 and then the CSR preparation screen 100 without through anyof the three setting screens is referred to as a ‘second displayprocess.’ When the CSR preparation screen 100 is displayed by the seconddisplay process, the display control unit 56 does not store the displayhysteresis information in the memory 32.

When the basic area information is input in the input columns 102 a to102 f of the CSR preparation screen 100 (refer to FIG. 5) that isdisplayed by the first or second display process and the OK button 106is then operated, the terminal apparatus 60 transmits the basic areainformation to the multi-function device 10. As a result, an acquiringunit 50 (refer to FIG. 1) acquires the basic area information from theterminal apparatus 60 (S4 in FIG. 2). Then, the display control unit 56executes an operation information acquiring process (S6 in FIG. 2).

(Operation Information Acquiring Process)

The operation information acquiring process of S6 in FIG. 2 will bedescribed with reference to FIG. 6. When the operation informationacquiring process starts, the display control unit 56 reads out thedisplay hysteresis information stored in the memory 32. The displaycontrol unit 56 determines whether the display hysteresis information isinformation indicating the display of the mail setting screen 130 (referto FIG. 3) (S30). When a result of the determination in S30 is YES, thedisplay control unit 56 stores a flag indicating the “certificateauthority=Private” and a flag indicating “Email contents protection=ON”in the memory 32 (S32). The flag indicating the “certificateauthority=Private” is a flag for selecting a radio button 112 a in anextensions setting screen 110 (refer to FIGS. 8 and 9) (which will bedescribed later). In addition, the flag indicating “Email contentsprotection=ON” is a flag for checking a check box 114 a.

When a result of the determination in S30 is NO, the display controlunit 56 determines whether the display hysteresis information isinformation indicating the display of the device connection settingscreen (S34). When a result of the determination in S34 is YES, thedisplay control unit 56 stores the flag indicating the “certificateauthority=Private” and a flag indicating “device connectionauthentication=ON” in the memory 32 (S36). The flag indicating “deviceconnection authentication=ON” is a flag for checking a check box 114 b(refer to FIGS. 8 and 9).

When a result of the determination in S34 is NO, the display controlunit 56 determines whether the display hysteresis information isinformation indicating the display of the IPP and Web setting screen(S38). When a result of the determination in S38 is YES, the displaycontrol unit 56 stores the flag indicating the “certificateauthority=Private” and a flag indicating “IPP and Web communicationprotection=ON” in the memory 32 (S40). The flag indicating “IPP and Webcommunication protection=ON” is a flag for checking a check box 114 d(refer to FIGS. 8 and 9).

When a result of the determination in S38 is NO, i.e., when the displayhysteresis information is not stored in the memory 32, specifically, theCSR preparation screen is displayed by the second display process, thedisplay control unit 56 stores a flag indicating “certificateauthority=Public” in the memory 32 (S42). The flag indicating“certificate authority=Public” is a flag for selecting a radio button112 b (refer to FIGS. 8 and 9).

When any step of S32, S36, S40 and S42 is completed, the operationinformation acquiring process is ended. When the operation informationacquiring process is ended, the display control unit 56 executes anextensions setting process (S8 in FIG. 2).

(Extensions Setting Process)

The extensions setting process of S8 in FIG. 2 will be described withreference to FIG. 7. When the extensions setting process starts, thedisplay control unit 56 transmits data, which indicates the extensionssetting screen 110 shown in FIGS. 8 and 9, to the terminal apparatus 60(S60 in FIG. 7). As a result, the terminal apparatus 60 displays theextensions setting screen 110 on the display unit 62.

As shown in FIGS. 8 and 9, the extensions setting screen 110 is a screenfor performing a setting relating to information to be described inextensions included in a CSR. The extensions setting screen 110includes, sequentially from above in the screen, a certificate authorityselection unit 112 for selecting a certificate authority of atransmission destination of the CSR, a usage selection unit 114 forselecting a usage (extended key usage) of a certificate, an alias nameselection unit 116 for selecting an alias name (subject alternativename) of a certificate, a cancel button 118 and an OK button 120.

The certificate authority selection unit 112 includes a radio button 112a for selecting the Private certificate authority 70 (refer to FIG. 1)and a radio button 112 b for selecting the Public certificate authority80 (refer to FIG. 1). The user can check one of the radio buttons 112 a,112 b. When the user checks the radio button 112 a, it means that theuser selects the Private certificate authority 70 as a certificateauthority for preparing a certificate by using a CSR. In other words, itmeans that the user selects the preparation of the first type CSR. Inthis case, the control unit 66 of the terminal apparatus 60 transmitsthe operation information, which indicates that the radio button 112 ais checked, to the multi-function device 10. On the other hand, when theuser checks the radio button 112 b, it means that the user selects thePublic certificate authority 80 as a certificate authority for preparinga certificate by using a CSR. In this case, the control unit 66 of theterminal apparatus 60 transmits the operation information, whichindicates that the radio button 112 b is checked, to the multi-functiondevice 10.

The usage selection unit 114 has a plurality of check boxes 114 a to 114d. The check box 114 a is a column for selecting, as an item contentincluded in the extensions, the email protection (‘emailProtection’ inFIG. 1). The check box 114 b is a column for selecting, as an itemcontent, the client authentication (‘clientAuth’ in FIG. 1). The checkbox 114 c is a column for selecting that a certificate will be used in aspecific server (for example, a server connected to the LAN 4). Thecheck box 114 d is a column for selecting, as an item content, theserver authentication (‘serverAuth’ in FIG. 1). Incidentally, the usercan check two or more check boxes 114 a to 114 d at the same time. Whenthe user checks the check boxes 114 a to 114 d, the control unit 66 ofthe terminal apparatus 60 transmits the operation information, whichindicates that the check boxes 114 a to 114 d are checked, to themulti-function device 10.

The alias name selection unit 116 has radio buttons 116 a to 116 c andan input column 116 d. The radio button 116 a is a button for selectingthat an alias name of a certificate will not be used. The radio button116 b is a button for selecting that an IPv4 address of themulti-function device 10 will be used as an alias name of a certificate.In other words, the radio button 116 b is a button for selecting, as anitem content, an IPv4 address (‘IPv4address’ in FIG. 1). The radiobutton 116 c is a button for selecting that a name input in the inputcolumn 116 d will be used as an alias name of a certificate. The usercan check any one of the radio buttons 116 a to 116 c. Incidentally,compared to the radio buttons 112 a, 112 b and the check boxes 114 a to114 d, even when the check states of the radio buttons 116 a to 116 care changed, the control unit 66 of the terminal apparatus 60 does nottransmit the operation information to the multi-function device 10. Whenthe user selects the cancel button 118 or OK button 120, the controlunit 66 of the terminal apparatus 60 transmits the operation informationto the multi-function device 10.

In S60 of FIG. 7, the display control unit 56 generates data, whichindicates the extensions setting screen 110 in which the respectiveselection columns (check columns) 112, 112 b, 114 a to 114 d and 116 ato 116 c are checked or unchecked, in accordance with the flags that arestored in the memory 32 in the operation information acquiring process(refer to FIG. 6). Accordingly, when the flag indicating “certificateauthority=Private” and the flag indicating “Email contentsprotection=ON” are stored in the memory 32 in S32 of FIG. 6, forexample, the display control unit 56 generates data, which indicates theextensions setting screen 110 in which the radio button 112 a and thecheck box 114 a are checked, in S60 of FIG. 7. In this case, the displaycontrol unit 56 further generates data, which indicates the extensionssetting screen 110 in which the selection of the check box 114 c isprohibited (i.e., the check box 114 c is at a grayout state).

When the flag indicating “certificate authority=Private” and the flagindicating “device connection authentication=ON” are stored in thememory 32 in S36 of FIG. 6, the display control unit 56 generates data,which indicates the extensions setting screen 110 in which the radiobutton 112 a and the check box 114 b are checked, in S60 of FIG. 7. Inthis case, the display control unit 56 further generates data, whichindicates the extensions setting screen 110 in which the selection ofthe check box 114 c is permitted.

When the flag indicating “certificate authority=Private” and the flagindicating “IPP and Web communication protection=ON” are stored in thememory 32 in S40 of FIG. 6, the display control unit 56 generates data,which indicates the extensions setting screen 110 in which the radiobutton 112 a and the check box 114 a are checked and the selection ofthe check box 114 c is prohibited (i.e., the check box 114 c is at agrayout state).

When the flag indicating “certificate authority=Public” is stored in thememory 32 in S42 of FIG. 6, the display control unit 56 generates data,which indicates the extensions setting screen 110 (i.e., the extensionssetting screen 110 of FIG. 8) in which the radio button 112 b ischecked. In this case, the display control unit 56 further generatesdata, which indicates the extensions setting screen 110 in which theselection of each check column of the usage selection unit 114 and thealias name selection unit 116 is prohibited (i.e., each column is at agrayout state).

In S60, the display control unit 56 further transmits the generated datato the terminal apparatus 60. As a result, the terminal apparatus 60displays the extensions setting screen 110 relating to the data acquiredfrom the multi-function device 10 on the display unit 62. As a result,when the extensions setting screen 110 is displayed through the mailsetting screen 130, for example, the extensions setting screen 110 inwhich the check box 114 a is checked is displayed. Likewise, when theextensions setting screen 110 is displayed through the device connectionauthentication screen or IPP and Web setting screen, for example, theextensions setting screen 110 in which the check box 114 b or 114 d ischecked is displayed. Since the extensions setting screen 110 in whichthe check box related to the function corresponding to the settingscreen is checked is displayed, the user does not have to re-check thecheck box. In other words, it is possible to reduce an operation burdenof the user. Accordingly, when the user performs the operation formaking out a CSR while performing the mail setting in the mail settingscreen 130, for example, it is possible to acquire the CSR having apurpose of the ‘email contents protection’ that the user seriouslydesires without re-checking the check box 114 a in the extensionssetting screen 110 that is displayed in S60.

When the process of S60 is completed, the display control unit 56monitors whether the operation information is received from the terminalapparatus 60 (S62, S70, S80, S84, S90, S94). When the operationinformation indicates the operation on the certificate authorityselection unit 112, the display control unit 56 determines that a resultof the determination in S62 is YES. When a result of the determinationin S62 is YES, the display control unit 56 determines whether theoperation information indicates the operation of selecting the Privatecertificate authority (S64). Specifically, in S64, the display controlunit 56 determines YES when the operation information indicates theoperation of checking the radio button 112 a, whereas the displaycontrol unit 56 determines NO when the operation information indicatesthe operation of checking the radio button 112 b. When a result of thedetermination in S64 is YES, the display control unit 56 generates data,which indicates a new extensions selection screen 110 (i.e., theextensions selection screen 110 of FIG. 9) in which the grayout of therespective check columns 114 a to 114 d (except for the check column 114c) and 116 a to 116 c of the usage selection unit 114 and the alias nameselection unit 116 is released, and transmits the data to the terminalapparatus 60 (S66). On the other hand, when a result of thedetermination in S64 is NO, the display control unit 56 generates data,which indicates a new extensions selection screen 110 in which therespective check columns 114 a to 114 d and 116 a to 116 c of the usageselection unit 114 and the alias name selection unit 116 are grayed out,and transmits the data to the terminal apparatus 60 (S68). As a result,the new extensions selection screen 110 is displayed on the display unit62.

When the operation information indicates the operation on the usageselection unit 114, the display control unit 56 determines YES in S70.Specifically, when the operation information indicates the check oruncheck operation on the check boxes 114 a, 114 b, 114 d, the displaycontrol unit 56 determines YES. When a result of the determination inS70 is YES, the display control unit 56 determines whether the operationinformation indicates the operation of checking the check box 114 b(S72). When a result of the determination in S72 is YES, the displaycontrol unit 56 generates data, which indicates the new extensionssetting screen 110 in which the grayout of the check box 114 c isreleased, and transmits the data to the terminal apparatus 60 (S74). Onthe other hand, when a result of the determination is NO, the displaycontrol unit 56 determines whether the operation information indicatesthe operation of unchecking the check box 114 b (S76). When a result ofthe determination in S76 is YES, the display control unit 56 generatesdata, which indicates a new extensions setting screen 110 in which thecheck box 114 c is grayed out, and transmits the data to the terminalapparatus 60 (S78). On the other hand, when a result of thedetermination in S74 and S76 is NO, it means that the operationinformation indicates the operation on the check boxes 114 a, 114 d. Inthis case, the display control unit 56 does not generate data thatindicates a new extensions setting screen 110. As a result of theprocesses of S74 and S78, the new extensions setting screen 110 isdisplayed on the display unit 62.

When the operation information indicates the operation of checking thecheck box 114 c, the display control unit 56 determines YES in S80. Whena result of the determination in S80 is YES, the display control unit 56generates data, which indicates a new extensions setting screen 110 inwhich the radio button 116 a of the alias name selection unit 116 isgrayed out, and transmits the data to the terminal apparatus 60 (S82).As a result, the new extensions setting screen 110 is displayed on thedisplay unit 62.

When the operation information indicates the operation of unchecking thecheck box 114 c, the display control unit 56 determines YES in S84. Whena result of the determination in S84 is YES, the display control unit 56generates data, which indicates a new extensions setting screen 110 inwhich the grayout of the radio button 116 a of the alias name selectionunit 116 is released, and transmits the data to the terminal apparatus60 (S86). As a result, the new extensions setting screen 110 isdisplayed on the display unit 62.

Incidentally, as described above, the Public certificate authority 80cannot make out a certificate based on the first type CSR including theextensions. Accordingly, when the radio button 112 b corresponding tothe Public certificate authority 80 and the check columns of therespective selection units 114, 116 for specifying the information to beincluded in the extensions are selected at the same time, the selectioncontents are inconsistent with each other. According to this exemplaryembodiment, as shown in S68 of FIG. 7, when the user selects the radiobutton 112 b, the selection of the check columns of the respectiveselection units 114, 116 is prohibited. Thus, it is possible to preventthe radio button 112 b and the respective check columns of the selectionunits 114, 116 from being selected at the same time. Further, an aliasname of a certificate is necessarily required so as to use thecertificate in a specific server. Accordingly, when the check box 114 cand the radio button 116 a are selected at the same time, the selectioncontents conflict with each other. According to this exemplaryembodiment, as shown in S82 of FIG. 7, when the user checks the checkbox 114 c, the selection of the radio button 116 a is prohibited. Thus,it is possible to suppress the check box 114 c and the radio button 116a from being selected at the same time. As a result, the user canselectively acquire the information, which is described in theextensions, from the memory 32.

The user usually performs the selection on the respective selectionunits 112, 114, 116 from above in one extensions setting screen 110.According to this exemplary embodiment, it is possible to limit theselection on the selection unit (for example, selection units 114, 116)having a possibility that it will be selected later, according to aresult of the selection on the selection unit (for example, selectionunits 112, 114) having a possibility that it will be selected first.Therefore, it is possible to avoid a user's operation of inputtingunnecessary information in advance, so that it is possible to reduce aninput burden of the user.

When the operation information indicates the operation on the cancelbutton 118, the display control unit 56 determines YES in S90. When aresult of the determination in S90 is YES, the display control unit 56transmits the data, which indicates the extensions setting screen 110 ofthe initial state (i.e., extensions setting screen 110 of FIG. 8), tothe terminal apparatus 60 (S92). As a result, the extensions settingscreen 110 of the initial state shown in FIG. 8 is displayed on thedisplay unit 62.

When the operation information indicates the operation on the OK button120, the display control unit 56 determines YES in S94. When the OKbutton 120 is operated, the control unit 66 of the terminal apparatus 60transmits the information, which indicates the check state on theextensions setting screen 110 at the time that the OK button 120 isoperated, to the multi-function device 10. Incidentally, when acharacter string is input in the input column 116 d, the control unit 66of the terminal apparatus 60 also transmits the character string to themulti-function device 10. The display control unit 56 stores theinformation (additionally, the character string) from the terminalapparatus 60 in the memory 32, as a setting value (S96). Specifically,regarding the respective check boxes 114 a to 114 d, the display controlunit 56 stores the check state as ON and the uncheck state as OFF in thememory 32. In addition, the display control unit 56 stores theinformation indicating which of the radio buttons 116 a to 116 c ischecked in the memory 32 and stores the character string, which is inputin the input column 116 d, in the memory 32. When the step of S96 iscompleted, the extensions setting process is ended. In this case, apreparation unit 52 (refer to FIG. 1) executes a CSR preparation processof S10 in FIG. 2. Incidentally, regarding the respective check columnsthat are included in the grayout areas on the extensions setting screen110 at the operation time of the OK button 120, the preparation unit 52considers the check columns unchecked irrespective of the check statesof the check columns.

(CSR Preparation Process)

The CSR preparation process of S10 in FIG. 2 will be described withreference to FIG. 10. The preparation unit 52 (refer to FIG. 1) firstreads out the setting value that is stored in the memory 32 in S96.Then, the preparation unit 52 determines whether the check box 114 acorresponding to “Email contents protection” is ON or not (S100). When aresult of the determination in S100 is YES, the preparation unit 52acquires the item name ‘ExtendedKeyUsage’ and the item content‘emailProtection’ from the item table 36 (refer to FIG. 1) (S102).

When the step of S102 is completed or when a result of the determinationin S100 is NO, the preparation unit 52 determines whether the check box114 b corresponding to the ‘device connection authentication’ is ON ornot (S104). When a result of the determination in S104 is YES, thepreparation unit 52 acquires the item name ‘ExtendedKeyUsage’ and theitem content ‘clientAuth’ from the item table 36 (S106).

When the step of S106 is completed or when a result of the determinationin S104 is NO, the preparation unit 52 determines whether the check box114 d corresponding to the ‘IPP and Web setting communicationprotection’ is ON or not (S108). When a result of the determination inS108 is YES, the preparation unit 52 acquires the item name‘ExtendedKeyUsage’ and the item content ‘clientAuth’ from the item table36 (S110).

When the step of S110 is completed or when a result of the determinationin S108 is NO, the preparation unit 52 determines whether the radiobutton 116 a corresponding to ‘No’ in the alias name selection unit 116is checked or not (S112). When a result of the determination in S112 isYES, the preparation unit proceeds to S120. When a result of thedetermination in S112 is NO, the preparation unit 52 determines whetherthe radio button 116 a corresponding to ‘automatic’ in the alias nameselection unit 116 is checked or not (S114). When a result of thedetermination in S114 is YES, the preparation unit 52 acquires the itemname ‘SubjectAltName’ and the item content ‘IPv4address’ from the itemtable 36 (S116). When a result of the determination in S114 is NO, itmeans that the radio button 116 c corresponding to ‘manual’ is checked.In this case, the preparation unit 52 acquires the item name‘SubjectAltName’ from the item table 36 and acquires, as the itemcontent, the character string, which is input in the input column 116 d,from the setting value of the memory 32 (S118). When the step of S116 orS118 is completed, the preparation unit proceeds to S120.

In S120, the preparation unit 52 uses the acquired information to makeout a CSR. Specifically, the preparation unit 52 first prepares a basicarea including the basic area information that is acquired in S4 of FIG.2. Then, when the item names and the item contents are acquired from thememory 32 in the steps of S100 to S118, the preparation unit 52 makesout extensions in which the acquired item names and item contents aredescribed. Then, the preparation unit 52 makes out a CSR (first typeCSR) including the prepared basic area and the extensions. On the otherhand, when no information is acquired from the memory 32 in the steps ofS100 to S118, the preparation unit 52 does not make out extensions. Inthis case, the preparation unit 42 makes out a CSR (second type CSR)that includes the basic area but does not include the extensions.

Then, an output unit 54 (refer to FIG. 1) transmits the prepared CSR tothe terminal apparatus 60 (S122). As a result, the CSR is displayed onthe display unit 62, so that the user can confirm the content of theCSR. The user can operate the operation unit 64 of the terminalapparatus 60 to request the certificate authority to make out acertificate by using the CSR acquired from the multi-function device 10.For example, when the first type CSR is acquired from the multi-functiondevice 10, the user can request the Private certificate authority 70 tomake out a certificate. On the other hand, when the second type CSR isacquired from the multi-function device 10, the user can request thePublic certificate authority 80 to make out a certificate. Thecertificate authority makes out a certificate based on the CSR includedin the preparation request and transmits the same to the terminalapparatus 60. When the terminal apparatus 60 receives the certificatefrom the certificate authority, the terminal apparatus stores thecertificate in a memory (not shown). The user can operate the operationunit 64 of the terminal apparatus 60 to execute an install operation forinstalling the certificate stored in the memory into the memory 32 ofthe multi-function device 10. The control unit 66 of the terminalapparatus 60 transmits the certificate to the multi-function device 10.When the control unit 22 of the multi-function device 10 receives thecertificate, the control unit 22 stores (installs) the certificate inthe memory 32. The multi-function device 10 can use the installedcertificate to communicate with another device.

The information processing system 2 of this exemplary embodiment hasbeen described. In this exemplary embodiment, the preparation unit 52acquires the item name and item content that are included in theextensions from the item table 36 according to the selection result thatthe user performs in the extensions setting screen 110 (refer to FIGS. 8and 9), and then the preparation unit 52 makes out the CSR (first typeCSR) including the extensions in which the specific item name and thespecific item content are described. According to this configuration,the information about the plurality of items that can be described inthe extensions is beforehand stored in the item table 36. Accordingly,when the user performs the selection in the extensions setting screen110, the multi-function device 10 can acquire the information relatingto the selection result (i.e., item name and content) from the itemtable 36 even when the user does not know the content of the informationin details, which can be described in the extensions, and can make outthe CSR including the extensions in which the acquired information isdescribed. Thus, since the operation burden of the user is reduced, theuser can easily enable the multi-function device 10 to make out the CSRincluding the extensions in which the desired information is described.

The correspondence between the configuration of this exemplaryembodiment and the configuration of the invention will be described. Themulti-function device 10 is one example of the ‘information processingapparatus.’ The information that is acquired in S4 of FIG. 2 is oneexample of the ‘specific information.’ The extensions setting screen 110of FIGS. 8 and 9 is one example of the ‘selection screen.’ The checkboxes 114 a, 114 b, 114 d and the radio button 116 b in the extensionssetting screen 110 are examples of the ‘plurality of section fields.’The certificate authority section unit 112, the usage selection unit 114and the alias name selection unit 116 in the extensions setting screen110 are examples of the ‘plurality selection field groups.’ The usageselection unit 114 is one example of the ‘first selection field group.’In this case, the alias name selection unit 116 is one example of the‘second field group.’ In addition, the certificate authority selectionunit 112 is another example of the ‘first selection field group.’ Inthis case, the usage selection unit 114 or alias name selection unit 116is another example of the ‘second field group.’ The mail setting screen130 of FIG. 3 is one example of the ‘setting screen.’ The setting valuethat is stored in the memory 32 in S96 of FIG. 7 is one example of the‘condition for preparing the specific extensions that is determined inresponse to the user's instruction.’

<Modification to Exemplary Embodiments>

Modifications to the above-described exemplary embodiment will bedescribed.

(1) In the above-described exemplary embodiment, regarding the CSR ofx509v3, the first type CSR has been described as the CSR including theextensions and the second type CSR has been described as the CSRincluding no information in the extensions. Alternatively, the firsttype CSR may be a CSR of x509v3, and the second type CSR may be a CSR ofx509v1 (version 1 of the x509 format) having no extensions.

(2) The certificate authority 70 may not prepare a certificate, based onthe second type CSR. In other words, generally, the ‘Private certificateauthority’ may be a certificate authority that can make out acertificate at least based on the first type CSR. In addition, the‘Public certificate authority’ may be a certificate authority thatcannot make out a certificate based on the first type CSR and canprepare a certificate based on the second type CSR.

(3) In the above-described exemplary embodiment, all of the mail settingscreen 130 (refer to FIG. 3), the certificate setting screen 140 (referto FIG. 4), the CSR preparation screen 100 (refer to FIG. 5) and theextensions setting screen 110 (refer to FIGS. 8 and 9) are displayed onthe display unit 62 of the terminal apparatus 60. However, therespective screens may be displayed on the display unit 12 of themulti-function device 10. In such a modified embodiment, the displayunit 12 of the multi-function device 10 is one example of the ‘displayunit.’

(4) In the above-described exemplary embodiment, the multi-functiondevice 10 has been exemplified. Alternative to the multi-function device10, a PC, a server, a printer, a scanner, a mobile terminal (PDA, mobilephone and the like) may be used. Each of the devices is included in theconfiguration of the ‘information processing system.’

(5) In the above-described exemplary embodiment, the item table 36 isbeforehand stored in the memory 32 by a vender of the multi-functiondevice 10 before the multi-function device 10 is shipped out. However, auser may store the item names and contents of the information, which canbe described in extensions, in the memory 32 in advance. In this case,the multi-function device 10 may make out the first type CSR includingextensions in which the information stored in the memory 32 by the useris described. This modified embodiment is also included in theconfiguration of the ‘memory in which regarding each of the plurality ofitems that can be described in the extensions included in thecertificate signing request, the item names and the item contents arestored with being associated with each other.’

(6) In the above-described exemplary embodiment, in the extensionssetting process, the display control unit 56 generates the data, whichindicates the new extensions setting screen 110, and transmits the sameto the terminal apparatus 60 whenever the operation information isreceived from the terminal apparatus 60. Alternatively, the displaycontrol unit 56 may also transmit an instruction with which the terminalapparatus 60 executes a process (for example, the processes of S62 toS94) for changing the extensions setting screen 110 in response to theuser's operation when the data indicating the extensions setting screen110 is transmitted in S60 of FIG. 7. In this case, the control unit 66of the terminal apparatus 60 may execute the process for changing theextensions setting screen 110 in response to the instruction.

The specific exemplary embodiments of the invention have been described.However, the embodiments are exemplary and not to limit the scope of theinvention. The technologies defined in the claims include the modifiedand changed examples to the exemplary embodiments.

In addition, the technical elements described and shown in thespecification and the drawings provide the technical usefulnessindependently or in combination and are not limited to a combination ofthe claims at the time of filing this application. Further, thetechnologies exemplified in the specification or drawings achieve thepurposes at the same time and have a technical usefulness inasmuch asone purpose is realized.

What is claimed is:
 1. An information processing apparatus comprising: amemory that is configured to store a plurality of item names and aplurality of item contents, each of the plurality of item names beingassociated with at least one of the plurality of item contents, each ofthe plurality of item names and the at least one of the plurality ofitem contents being stored in association with each of a plurality ofitems that can be described in extensions included in a certificatesigning request; and a processor configured to: transmit a certificatesetting screen data to the terminal apparatus, the certificate settingscreen data causing the terminal apparatus to display on the displayunit a certificate setting screen; store a screen history data in thememory in response to transmitting certificate setting screen data, thescreen history data including a history of screen data transmitted tothe terminal apparatus; transmit a certificate signing request screendata to a terminal apparatus, the certificate signing request screendata causing the terminal apparatus to display a certificate signingrequest screen, which includes input columns, on a display unit; acquirebasic area information from the terminal apparatus, wherein the basicarea information represents user's input in the input columns; generateand transmit to the terminal apparatus extensions setting screen data inaccordance with the screen history data, the extension setting screendata causing the terminal apparatus to display an extensions settingscreen, which includes a plurality of selection fields, on the displayunit, wherein at least part of the plurality of selection fields havealready been checked in accordance with the screen history data when theextension setting screen is displayed on the display unit, the pluralityof selection fields being included in one of a first selection fieldgroup and a second selection field group, the first selection fieldgroup including a plurality of transmission destinations of certificatesigning request by a radio button selection of one of private andpublic, the private radio button being already checked if the screenhistory data indicates that a specific screen has been transmitted priorto the certificate setting screen data and the public radio button beingalready checked if the screen history data indicates that a specificscreen has not been transmitted prior to the certificate screen settingscreen data, wherein, according to user's selection of the private radiobutton or according to the selection of the private radio button beingalready checked in accordance with the screen history data, one or moreselection fields of the second selection field group is displayed in amanner prohibiting selection; acquire, from the memory, a specific itemname and a specific item content in accordance with checked fields inthe plurality of selection fields, the specific item name being one ofthe plurality of item names stored in the memory, the specific itemcontent being one of the plurality of item contents stored in thememory; generate a specific certificate signing request including basicarea and specific extensions, wherein the basic area includes theacquired basic area information, and the specific extensions include theacquired specific item name and the acquired specific item content; andoutput the generated specific certificate signing request to theterminal apparatus.
 2. The information processing apparatus according toclaim 1, wherein, according to the user's selection on the firstselection field group, the processor is further configured to: prohibitthe user's selection on a part of the selection fields included in thesecond selection field group; and permit the user's selection onselection fields, included in the second selection field group, otherthan the part of the selection fields.
 3. The information processingapparatus according to claim 1, wherein, according to the user'sselection on the first selection field group, the processor is furtherconfigured to prohibit the user's selection on all selection fieldsincluded in the second selection field group.
 4. The informationprocessing apparatus according to claim 1, wherein the extensionssetting screen data causes the terminal apparatus to display on thedisplay unit the extensions setting screen in a manner that the firstselection field group is arranged above the second selection fieldgroup.
 5. The information processing apparatus according to claim 1,wherein content of the at least a part of selection fields included inthe second selection field group is inconsistent with content inaccordance with the user's selection on the first selection field group.6. The information processing apparatus according to claim 1, whereinthe extension setting screen data causes the terminal apparatus todisplay the extension setting screen having the plurality of selectionfields, other than the checked selection fields, grayed out.
 7. Theinformation processing apparatus according to claim 1 wherein theprocessor is configured to determine whether the screen history dataincludes information indicating the display of a mail setting screen andwhen a result of the determination is yes, store a flag indicating thecertificate signing request is private.
 8. The processing apparatusaccording to claim 7 wherein when a result of the determination is yes,store a flag indicating that email contents protection is ON.
 9. Theinformation processing apparatus according to claim 1 wherein theprocessor is configured to determine whether the screen history dataincludes information indicating the display of a device connectionsetting screen and when a result of the determination is yes, store aflag indicating the certificate signing request is private.
 10. Theprocessing apparatus according to claim 9 wherein when a result of thedetermination is yes, store a flag indicating that device connectionauthentication is ON.
 11. The information processing apparatus accordingto claim 1 wherein the processor is configured to determine whether thescreen history data includes information indicating the display of a IPPand WEB setting screen and when a result of the determination is yes,store a flag indicating the certificate signing request is private. 12.The processing apparatus according to claim 11 wherein when a result ofthe determination is yes, store a flag indicating that IPP and WEBsetting communication protection is ON.
 13. A non-transitorycomputer-readable medium having a computer program stored thereon and isreadable by a computer provided in an information processing apparatus,said computer program, when executed by the computer, causes the imageprocessing apparatus to perform operations comprising: transmitting acertificate setting screen data to the terminal apparatus, thecertificate setting screen data causing the terminal apparatus todisplay on the display unit a certificate setting screen; storing ascreen history data in the memory in response to transmittingcertificate setting screen data, the screen history data including ahistory of screen data transmitted to the terminal apparatus;transmitting a certificate signing request screen data to a terminalapparatus, the certificate signing request screen data causing theterminal apparatus to display a certificate signing request screen,which includes input columns, on a display unit; acquiring basic areainformation from the terminal apparatus, wherein the basic areainformation represents user's input in the input columns; generating andtransmitting to the terminal apparatus extensions setting screen data inaccordance with the screen history data, the extensions setting screendata causing the terminal apparatus to display an extensions settingscreen, which includes a plurality of selection fields, on the displayunit, wherein at least part of the plurality of selection fields havealready been checked in accordance with the screen history data when theextension setting screen is displayed on the display unit, the pluralityof selection fields being included in one of a first selection fieldgroup and a second selection field group, the first selection fieldgroup including a plurality of transmission destinations of certificatesigning request by a radio button selection of one of private andpublic, the private radio button being already checked if the screenhistory data indicates that a specific screen has been transmitted priorto the certificate setting screen data and the public radio button beingalready checked if the screen history data indicates that a specificscreen has not been transmitted prior to the certificate setting screendata, wherein, according to user's selection of the private radio buttonor according to the selection of the private radio button being alreadychecked in accordance with the screen history data, one or moreselection fields of the second selection field group is displayed in amanner prohibiting selection; acquiring, from the memory, a specificitem name and a specific item content in accordance with checked fieldsin the plurality of selection fields, the specific item name being oneof a plurality of item names stored in a memory, the specific itemcontent being one of a plurality of item contents stored in the memory;generating a specific certificate signing request including basic areaand specific extensions, wherein the basic area represents the acquiredbasic area information, and the specific extensions represent theacquired specific item name and the acquired specific item content; andoutputting the generated specific certificate signing request to theterminal apparatus.
 14. The information processing apparatus accordingto claim 1, wherein the processor is further configured to: transmit themain screen data to the terminal apparatus, the main screen data causingthe terminal apparatus to display the main screen on the display unitincluding a first link and a second link; transmit the certificatescreen data to the terminal apparatus in response to activation of thefirst link in the main screen, the certificate screen data causing theterminal apparatus to display on the display unit a secondary screen,including a third link; transmit a certificate setting screen data tothe terminal apparatus in response to activation of the third link inthe secondary screen, the certificate setting screen data causing theterminal apparatus to display on the display unit the certificatesetting screen; and transmit the certificate setting screen data to theterminal apparatus in response to activation of the second link in themain screen, the certificate setting screen data causing the terminalapparatus to display on the display unit the certificate setting screen.15. The information processing apparatus according to claim 14, whereinthe certificate setting screen data further cause the terminal apparatusto display the certificate setting screen including a fourth link, andwherein the processor is further configured to: transmit the certificatesigning request screen data to the terminal apparatus in response toactivation of the fourth link in the certificate setting screen, thecertificate signing request screen data causing the terminal apparatusto display on the display unit a certificate signing request screenincluding the input columns.
 16. The information processing apparatusaccording to claim 14, wherein the extension setting screen data causesthe terminal apparatus to display the extension setting screen havingthe plurality of selection fields all grayed out when the screen historydata indicates that the certificate screen data is not transmitted tothe terminal apparatus before transmitting the certificate settingscreen data to the terminal apparatus.
 17. The non-transitorycomputer-readable medium according to claim 13 wherein the operationsinclude determining whether the screen history data includes informationindicating the display of a device connection setting screen and when aresult of the determination is yes, storing a flag indicating thecertificate signing request is private.
 18. The non-transitorycomputer-readable medium according to claim 17 wherein when a result ofthe determination is yes, storing a flag indicating that deviceconnection authentication is ON.
 19. The non-transitorycomputer-readable medium according to claim 13 wherein the operationsinclude determining whether the screen history data includes informationindicating the display of a IPP and WEB setting screen and when a resultof the determination is yes, storing a flag indicating the certificatesigning request is private.
 20. The non-transitory computer-readablemedium according to claim 19 wherein when a result of the determinationis yes, storing a flag indicating that IPP and WEB setting communicationprotection is ON.
 21. The non-transitory computer-readable mediumaccording to claim 13 wherein the operations include determining whetherthe screen history data includes information indicating the display of amail setting screen and when a result of the determination is yes,storing a flag indicating the certificate signing request is private.22. The non-transitory computer-readable medium according to claim 21wherein when a result of the determination is yes, storing a flagindicating that email contents protection is ON.